Re: [PR] [MNG-8117] Maven PluginVersionResolver improvement [maven]

2024-05-08 Thread via GitHub


michael-o commented on code in PR #1502:
URL: https://github.com/apache/maven/pull/1502#discussion_r1593508817


##
maven-core/src/main/java/org/apache/maven/plugin/version/internal/DefaultPluginVersionResolver.java:
##
@@ -261,8 +291,12 @@ private boolean isCompatible(PluginVersionRequest request, 
String version) {
 
 try {
 pluginManager.checkPrerequisites(pluginDescriptor);
-} catch (Exception e) {
-logger.warn("Ignoring incompatible plugin version {}", version, e);
+} catch (PluginIncompatibleException e) {
+if (logger.isDebugEnabled()) {
+logger.warn("Ignoring incompatible plugin version {}: {}", 
version, e.getMessage(), e);
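Review bot: narrowing the handler to `catch (PluginIncompatibleException e)` means any other exception thrown by `pluginManager.checkPrerequisites(pluginDescriptor)` now propagates out of `isCompatible`, where the old `catch (Exception e)` treated it as an incompatible version. If that is intended, state it in the method's documentation; otherwise keep a separate handler for unexpected failures. Also, the `logger.warn` call sits under `if (logger.isDebugEnabled())`, so check that the other branch still emits a one-line warning without the stack trace and a skipped version is never silent.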

Review Comment:
   This looks duplicate when you pass `e` already.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



[jira] [Commented] (MNG-8117) Improve prerequisite evaluation and plugin version selection logging

2024-05-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-8117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844568#comment-17844568
 ] 

ASF GitHub Bot commented on MNG-8117:
-

michael-o commented on code in PR #1502:
URL: https://github.com/apache/maven/pull/1502#discussion_r1593508817


##
maven-core/src/main/java/org/apache/maven/plugin/version/internal/DefaultPluginVersionResolver.java:
##
@@ -261,8 +291,12 @@ private boolean isCompatible(PluginVersionRequest request, 
String version) {
 
 try {
 pluginManager.checkPrerequisites(pluginDescriptor);
-} catch (Exception e) {
-logger.warn("Ignoring incompatible plugin version {}", version, e);
+} catch (PluginIncompatibleException e) {
+if (logger.isDebugEnabled()) {
+logger.warn("Ignoring incompatible plugin version {}: {}", 
version, e.getMessage(), e);

Review Comment:
   This looks duplicate when you pass `e` already.





> Improve prerequisite evaluation and plugin version selection logging
> 
>
> Key: MNG-8117
> URL: https://issues.apache.org/jira/browse/MNG-8117
> Project: Maven
>  Issue Type: Improvement
>  Components: Plugins and Lifecycle
>Reporter: Tamas Cservenak
>Priority: Major
> Fix For: 4.0.0, 4.0.0-beta-1
>
>
> Currently, when a user uses {{G:A}}, the plugin tried is {{G:A:LATEST}} and it is 
> checked for "compatibility" (Maven prerequisite in Maven3 and Maven4, plus 
> Java prerequisite in Maven4 only). This may mean that the "latest" (by Maven 
> Metadata) version is not compatible, and Maven will cycle toward older 
> versions. But the console output is a mess.
> Current output can be seen in this gist: 
> [https://gist.github.com/cstamas/e44a2e51f5ec9f2e803dfb1d487d2fd5]
> PR creates output like this: 
> https://gist.github.com/cstamas/3ca4bc6cea5f701054061871b5db3f35



--
This message was sent by Atlassian Jira
(v8.20.10#820010)


Re: [PR] [MNG-8117] Maven PluginVersionResolver improvement [maven]

2024-05-08 Thread via GitHub


cstamas commented on code in PR #1502:
URL: https://github.com/apache/maven/pull/1502#discussion_r1593510428


##
maven-core/src/main/java/org/apache/maven/plugin/version/internal/DefaultPluginVersionResolver.java:
##
@@ -261,8 +291,12 @@ private boolean isCompatible(PluginVersionRequest request, 
String version) {
 
 try {
 pluginManager.checkPrerequisites(pluginDescriptor);
-} catch (Exception e) {
-logger.warn("Ignoring incompatible plugin version {}", version, e);
+} catch (PluginIncompatibleException e) {
+if (logger.isDebugEnabled()) {
+logger.warn("Ignoring incompatible plugin version {}: {}", 
version, e.getMessage(), e);

Review Comment:
   Agreed, all I wanted to distinguish is "with stack trace" or "without stack 
trace".






[jira] [Commented] (MNG-8117) Improve prerequisite evaluation and plugin version selection logging

2024-05-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-8117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844571#comment-17844571
 ] 

ASF GitHub Bot commented on MNG-8117:
-

cstamas commented on code in PR #1502:
URL: https://github.com/apache/maven/pull/1502#discussion_r1593510428


##
maven-core/src/main/java/org/apache/maven/plugin/version/internal/DefaultPluginVersionResolver.java:
##
@@ -261,8 +291,12 @@ private boolean isCompatible(PluginVersionRequest request, 
String version) {
 
 try {
 pluginManager.checkPrerequisites(pluginDescriptor);
-} catch (Exception e) {
-logger.warn("Ignoring incompatible plugin version {}", version, e);
+} catch (PluginIncompatibleException e) {
+if (logger.isDebugEnabled()) {
+logger.warn("Ignoring incompatible plugin version {}: {}", 
version, e.getMessage(), e);

Review Comment:
   Agreed, all I wanted to distinguish is "with stack trace" or "without stack 
trace".







Re: [PR] [MNG-8117] Maven PluginVersionResolver improvement [maven]

2024-05-08 Thread via GitHub


michael-o commented on code in PR #1502:
URL: https://github.com/apache/maven/pull/1502#discussion_r1593518657


##
maven-core/src/main/java/org/apache/maven/plugin/version/internal/DefaultPluginVersionResolver.java:
##
@@ -261,8 +291,12 @@ private boolean isCompatible(PluginVersionRequest request, 
String version) {
 
 try {
 pluginManager.checkPrerequisites(pluginDescriptor);
-} catch (Exception e) {
-logger.warn("Ignoring incompatible plugin version {}", version, e);
+} catch (PluginIncompatibleException e) {
+if (logger.isDebugEnabled()) {
+logger.warn("Ignoring incompatible plugin version {}: {}", 
version, e.getMessage(), e);

Review Comment:
   I know, but that would rather confuse when the message appears twice
   






[jira] [Commented] (MNG-8117) Improve prerequisite evaluation and plugin version selection logging

2024-05-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-8117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844573#comment-17844573
 ] 

ASF GitHub Bot commented on MNG-8117:
-

michael-o commented on code in PR #1502:
URL: https://github.com/apache/maven/pull/1502#discussion_r1593518657


##
maven-core/src/main/java/org/apache/maven/plugin/version/internal/DefaultPluginVersionResolver.java:
##
@@ -261,8 +291,12 @@ private boolean isCompatible(PluginVersionRequest request, 
String version) {
 
 try {
 pluginManager.checkPrerequisites(pluginDescriptor);
-} catch (Exception e) {
-logger.warn("Ignoring incompatible plugin version {}", version, e);
+} catch (PluginIncompatibleException e) {
+if (logger.isDebugEnabled()) {
+logger.warn("Ignoring incompatible plugin version {}: {}", 
version, e.getMessage(), e);

Review Comment:
   I know, but that would rather confuse when the message appears twice
   







Re: [PR] [MNG-8117] Maven PluginVersionResolver improvement [maven]

2024-05-08 Thread via GitHub


cstamas commented on code in PR #1502:
URL: https://github.com/apache/maven/pull/1502#discussion_r1593543359


##
maven-core/src/main/java/org/apache/maven/plugin/version/internal/DefaultPluginVersionResolver.java:
##
@@ -261,8 +291,12 @@ private boolean isCompatible(PluginVersionRequest request, 
String version) {
 
 try {
 pluginManager.checkPrerequisites(pluginDescriptor);
-} catch (Exception e) {
-logger.warn("Ignoring incompatible plugin version {}", version, e);
+} catch (PluginIncompatibleException e) {
+if (logger.isDebugEnabled()) {
+logger.warn("Ignoring incompatible plugin version {}: {}", 
version, e.getMessage(), e);

Review Comment:
   Well, mvn -X output is already quite confusing :smile: so unsure will _this_ 
confuse anyone... but agreed, will fix.






[jira] [Commented] (MNG-8117) Improve prerequisite evaluation and plugin version selection logging

2024-05-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-8117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844580#comment-17844580
 ] 

ASF GitHub Bot commented on MNG-8117:
-

cstamas commented on code in PR #1502:
URL: https://github.com/apache/maven/pull/1502#discussion_r1593543359


##
maven-core/src/main/java/org/apache/maven/plugin/version/internal/DefaultPluginVersionResolver.java:
##
@@ -261,8 +291,12 @@ private boolean isCompatible(PluginVersionRequest request, 
String version) {
 
 try {
 pluginManager.checkPrerequisites(pluginDescriptor);
-} catch (Exception e) {
-logger.warn("Ignoring incompatible plugin version {}", version, e);
+} catch (PluginIncompatibleException e) {
+if (logger.isDebugEnabled()) {
+logger.warn("Ignoring incompatible plugin version {}: {}", 
version, e.getMessage(), e);

Review Comment:
   Well, mvn -X output is already quite confusing :smile: so unsure will _this_ 
confuse anyone... but agreed, will fix.







Re: [PR] [MNG-8117] Maven PluginVersionResolver improvement [maven]

2024-05-08 Thread via GitHub


cstamas commented on code in PR #1502:
URL: https://github.com/apache/maven/pull/1502#discussion_r1593562470


##
maven-core/src/main/java/org/apache/maven/plugin/version/internal/DefaultPluginVersionResolver.java:
##
@@ -261,8 +291,12 @@ private boolean isCompatible(PluginVersionRequest request, 
String version) {
 
 try {
 pluginManager.checkPrerequisites(pluginDescriptor);
-} catch (Exception e) {
-logger.warn("Ignoring incompatible plugin version {}", version, e);
+} catch (PluginIncompatibleException e) {
+if (logger.isDebugEnabled()) {
+logger.warn("Ignoring incompatible plugin version {}: {}", 
version, e.getMessage(), e);

Review Comment:
   done






[jira] [Commented] (MNG-8117) Improve prerequisite evaluation and plugin version selection logging

2024-05-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-8117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844582#comment-17844582
 ] 

ASF GitHub Bot commented on MNG-8117:
-

cstamas commented on code in PR #1502:
URL: https://github.com/apache/maven/pull/1502#discussion_r1593562470


##
maven-core/src/main/java/org/apache/maven/plugin/version/internal/DefaultPluginVersionResolver.java:
##
@@ -261,8 +291,12 @@ private boolean isCompatible(PluginVersionRequest request, 
String version) {
 
 try {
 pluginManager.checkPrerequisites(pluginDescriptor);
-} catch (Exception e) {
-logger.warn("Ignoring incompatible plugin version {}", version, e);
+} catch (PluginIncompatibleException e) {
+if (logger.isDebugEnabled()) {
+logger.warn("Ignoring incompatible plugin version {}: {}", 
version, e.getMessage(), e);

Review Comment:
   done







[jira] [Commented] (MNG-8118) Dependency-management "client" exclusions overwrite BOM exclusions

2024-05-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-8118?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844591#comment-17844591
 ] 

ASF GitHub Bot commented on MNG-8118:
-

cstamas opened a new pull request, #1505:
URL: https://github.com/apache/maven/pull/1505

   Backport same fix, as very same issue stands there, user cannot really tell 
what and why is happening.
   
   Still, Maven 3 has only Maven prerequisite, but still same code is present.
   
   This is the backport of https://github.com/apache/maven/pull/1502
   
   ---
   
   https://issues.apache.org/jira/browse/MNG-8117




> Dependency-management "client" exclusions overwrite BOM exclusions
> --
>
> Key: MNG-8118
> URL: https://issues.apache.org/jira/browse/MNG-8118
> Project: Maven
>  Issue Type: Bug
>Affects Versions: 4.0.0-alpha-13, 4.0.x-candidate
> Environment: Any
>Reporter: Lenny Primak
>Assignee: Guillaume Nodet
>Priority: Major
>
> When importing BOM and introducing exclusions, they overwrite exclusions 
> already present in the BOM. They should not.
> Slack conversation link: 
> https://the-asf.slack.com/archives/C7Q9JB404/p1714938396499939
> Regressed by https://issues.apache.org/jira/browse/MNG-5600
> Reproducer app: [https://github.com/lprimak/apps/tree/main/emailmanager]
> Fixed by: https://github.com/apache/maven/pull/1504





[jira] [Commented] (MNG-8118) Dependency-management "client" exclusions overwrite BOM exclusions

2024-05-08 Thread Tamas Cservenak (Jira)


[ 
https://issues.apache.org/jira/browse/MNG-8118?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844593#comment-17844593
 ] 

Tamas Cservenak commented on MNG-8118:
--

Oops, typo in PR name, my PR has nothing to do with this issue, sorry!



Re: [PR] Bump org.apache.maven:maven-parent from 41 to 42 [maven-doxia-sitetools]

2024-05-08 Thread via GitHub


michael-o closed pull request #149: Bump org.apache.maven:maven-parent from 41 
to 42
URL: https://github.com/apache/maven-doxia-sitetools/pull/149





Re: [PR] Bump org.apache.maven:maven-parent from 41 to 42 [maven-doxia-sitetools]

2024-05-08 Thread via GitHub


michael-o commented on PR #149:
URL: 
https://github.com/apache/maven-doxia-sitetools/pull/149#issuecomment-2100212217

   Superseded by #153.





Re: [PR] Bump org.apache.maven:maven-parent from 41 to 42 [maven-doxia-sitetools]

2024-05-08 Thread via GitHub


dependabot[bot] commented on PR #149:
URL: 
https://github.com/apache/maven-doxia-sitetools/pull/149#issuecomment-2100212282

   OK, I won't notify you again about this release, but will get in touch when 
a new version is available. If you'd rather skip all updates until the next 
major or minor version, let me know by commenting `@dependabot ignore this 
major version` or `@dependabot ignore this minor version`. You can also ignore 
all major, minor, or patch releases for a dependency by adding an [`ignore` 
condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore)
 with the desired `update_types` to your config file.
   
   If you change your mind, just re-open this PR and I'll resolve any conflicts 
on it.





Re: [PR] [MBUILDCACHE-86] bugfix / enhancements restoration of outputs on disk [maven-build-cache-extension]

2024-05-08 Thread via GitHub


hacosta commented on PR #104:
URL: 
https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2100572149

   I'm really looking forward to testing this out, is there a new release 
planned or a place where I can track it?





[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk

2024-05-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844656#comment-17844656
 ] 

ASF GitHub Bot commented on MBUILDCACHE-86:
---

hacosta commented on PR #104:
URL: 
https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2100572149

   I'm really looking forward to testing this out, is there a new release 
planned or a place where I can track it?




> Bugfix and enhancements with the restoration of outputs on disk
> ---
>
> Key: MBUILDCACHE-86
> URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86
> Project: Maven Build Cache Extension
>  Issue Type: Improvement
>Reporter: Kevin Buntrock
>Assignee: Olivier Lamy
>Priority: Major
>  Labels: pull-request-available
> Fix For: 1.2.0
>
>
> *Fixes :*
>  * Files containing an underscore in their name can't be restored in the 
> cache directory correctly (not in the same directory location).
>  * The cache is able to extract/restore files in locations outside the 
> project. I guess the extraction part is not a vulnerability since someone 
> with commit permissions can guess other ways to extract data. But the 
> possibility of restoring at any place on the disk looks pretty dangerous to 
> me if a remote cache server is compromised.
> *Enhancements :*
>  * Possibility to restore artefacts on disk, with a dedicated property : 
> maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the 
> project directory, as opposed to the cache directory.
>  ** IDE integration and use of the cache locally in development is way 
> easier. It is now possible to retrieve a cached jar in the "target" directory.
>  * Introduce "globs" to filter extra attached outputs by filenames.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
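
The concern raised in MBUILDCACHE-86 above, that a compromised remote cache could make a restore write anywhere on disk, comes down to a containment check on every file name read from a cache record before it is written. The following is an added example, not code from maven-build-cache-extension; the class `RestorePathGuard`, the method `resolveInside` and the sample entry names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.List;

/** Hypothetical guard; not part of maven-build-cache-extension. */
public class RestorePathGuard {

    /**
     * Resolves a file name taken from a (possibly remote, possibly tampered)
     * cache record against the project directory and returns the target path
     * only if it stays inside that directory.
     */
    static Path resolveInside(Path projectDir, String entryName) throws IOException {
        // Canonical form of the project directory; throws if it does not exist.
        Path base = projectDir.toRealPath();

        Path candidate;
        try {
            // An absolute entryName replaces base entirely on resolve(); normalize()
            // collapses "." and ".." so the prefix check sees the real target.
            candidate = base.resolve(entryName).normalize();
        } catch (InvalidPathException e) {
            throw new IOException("Invalid cache entry name: " + entryName, e);
        }

        // Path.startsWith compares whole name elements, so "/proj-evil" does not
        // pass as being inside "/proj".
        if (!candidate.startsWith(base)) {
            throw new IOException("Cache entry escapes project directory: " + entryName);
        }

        // Lexical checks do not see symlinks. Find the deepest component that
        // already exists and make sure its real location is still inside base.
        // The loop ends at base at the latest, because base exists.
        Path existing = candidate;
        while (!Files.exists(existing, LinkOption.NOFOLLOW_LINKS)) {
            existing = existing.getParent();
        }
        if (!existing.toRealPath().startsWith(base)) {
            throw new IOException("Cache entry follows a link out of the project: " + entryName);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path project = Files.createTempDirectory("project");
        Files.createDirectories(project.resolve("target"));

        // Constructed entry names, as they might appear in a cache record.
        List<String> entries = Arrays.asList(
                "target/app.jar",
                "target/classes/../app-sources.jar",
                "../sibling/app.jar",
                "target/../../sibling/app.jar",
                project.getRoot().resolve("elsewhere").resolve("app.jar").toString());

        for (String entry : entries) {
            try {
                System.out.println("restore -> " + resolveInside(project, entry));
            } catch (IOException e) {
                System.out.println("refused  : " + e.getMessage());
            }
        }
    }
}
```

The first two names resolve inside the project and are accepted; the two `..` names and the absolute path are refused before any write happens.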


[jira] [Created] (MSKINS-246) Upgrade plugins and components (in ITs)

2024-05-08 Thread Michael Osipov (Jira)
Michael Osipov created MSKINS-246:
-

 Summary: Upgrade plugins and components (in ITs)
 Key: MSKINS-246
 URL: https://issues.apache.org/jira/browse/MSKINS-246
 Project: Maven Skins
  Issue Type: Dependency upgrade
  Components: Fluido Skin
Reporter: Michael Osipov
Assignee: Michael Osipov
 Fix For: fluido-2.0.0-M9, fluido-2.0.0


* Upgrade to Doxia Sitetools 2.0.0-M18
* Upgrade to Maven Site Plugin 4.0.0-M14





Re: [PR] [MSKINS-246] Upgrade plugins and components (in ITs) [maven-fluido-skin]

2024-05-08 Thread via GitHub


michael-o commented on PR #60:
URL: https://github.com/apache/maven-fluido-skin/pull/60#issuecomment-2100860439

   This supersedes #58.





[PR] Adds tip that Nexus Repository can be used for a remote cache provider. [maven-build-cache-extension]

2024-05-08 Thread via GitHub


mattjohnson opened a new pull request, #151:
URL: https://github.com/apache/maven-build-cache-extension/pull/151

   Trivial documentation update to add Nexus Repository as a remote cache 
provider.





Re: [PR] [MSKINS-246] Upgrade plugins and components (in ITs) [maven-fluido-skin]

2024-05-08 Thread via GitHub


kwin commented on PR #60:
URL: https://github.com/apache/maven-fluido-skin/pull/60#issuecomment-2101161619

   #58 references a different JIRA ticket





Re: [PR] [MSKINS-246] Upgrade plugins and components (in ITs) [maven-fluido-skin]

2024-05-08 Thread via GitHub


michael-o commented on PR #60:
URL: https://github.com/apache/maven-fluido-skin/pull/60#issuecomment-2101165859

   > #58 references a different JIRA ticket. Please split up in two separate 
commits each referencing different JIRA IDs
   
   Alright, will do.





[jira] [Commented] (MSKINS-246) Upgrade plugins and components (in ITs)

2024-05-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MSKINS-246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844743#comment-17844743
 ] 

ASF GitHub Bot commented on MSKINS-246:
---

michael-o commented on PR #60:
URL: https://github.com/apache/maven-fluido-skin/pull/60#issuecomment-2101165859

   > #58 references a different JIRA ticket. Please split up in two separate 
commits each referencing different JIRA IDs
   
   Alright, will do.




> Upgrade plugins and components (in ITs)
> ---
>
> Key: MSKINS-246
> URL: https://issues.apache.org/jira/browse/MSKINS-246
> Project: Maven Skins
>  Issue Type: Dependency upgrade
>  Components: Fluido Skin
>Reporter: Michael Osipov
>Assignee: Michael Osipov
>Priority: Major
> Fix For: fluido-2.0.0-M9, fluido-2.0.0
>
>
> * Upgrade to Doxia Sitetools 2.0.0-M18
> * Upgrade to Maven Site Plugin 4.0.0-M14





Re: [PR] [MSKINS-246] Upgrade plugins and components (in ITs) [maven-fluido-skin]

2024-05-08 Thread via GitHub


michael-o commented on PR #60:
URL: https://github.com/apache/maven-fluido-skin/pull/60#issuecomment-2101203008

   @kwin done





[jira] [Updated] (MSHARED-1248) maven-dependency-analyzer should log instead of failing when analyzing a corrupted jar file

2024-05-08 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MSHARED-1248?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski updated MSHARED-1248:
-
Fix Version/s: maven-dependency-analyzer-1.13.3
   (was: maven-dependency-analyzer-next-release)

> maven-dependency-analyzer should log instead of failing when analyzing a 
> corrupted jar file
> ---
>
> Key: MSHARED-1248
> URL: https://issues.apache.org/jira/browse/MSHARED-1248
> Project: Maven Shared Components
>  Issue Type: Bug
>  Components: maven-dependency-analyzer
>Affects Versions: maven-dependency-analyzer-1.13.1
> Environment: Apache Maven 3.9.1 
> (2e178502fcdbffc201671fb2537d0cb4b4cc58f8)
> Maven home: C:\java\apache-maven-3.9.1
> Java version: 1.8.0_362, vendor: Temurin, runtime: C:\Program Files\Eclipse 
> Adoptium\jdk-8.0.362.9-hotspot\jre
> Default locale: en_US, platform encoding: Cp1252
> OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
> Microsoft Windows [Version 10.0.19044.2728]
>Reporter: Gary D. Gregory
>Assignee: Elliotte Rusty Harold
>Priority: Major
> Fix For: maven-dependency-analyzer-1.13.3
>
>
> In Apache Commons BCEL, we include corrupted jar files created by the 
> oss-fuzz project which causes the build to fail when the CycloneDX plugin 
> runs to create an SBOM.
> This issue happens only after getting past the issue fixed by MSHARED-1247
> {noformat}
> [DEBUG] CycloneDX: Calculating Hashes
> [INFO] 
> 
> [INFO] BUILD FAILURE
> [INFO] 
> 
> [INFO] Total time:  3.594 s
> [INFO] Finished at: 2023-04-29T15:23:05-04:00
> [INFO] 
> 
> [ERROR] Failed to execute goal 
> org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom (default-cli) on 
> project bcel: Execution default-cli of goal 
> org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed: 
> Unsupported class file major version 1025 from directory = 
> C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path = 
> C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class
>  -> [Help 1]
> org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute 
> goal org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom 
> (default-cli) on project bcel: Execution default-cli of goal 
> org.cyclonedx:cyclonedx-maven-plugin:2.7.7:makeAggregateBom failed: 
> Unsupported class file major version 1025 from directory = 
> C:\Users\ggregory\git\a\commons-bcel\target\test-classes, path = 
> C:\Users\ggregory\git\a\commons-bcel\target\test-classes\ossfuzz\issue51980\Test.class
> at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 
> (MojoExecutor.java:347)
> at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute 
> (MojoExecutor.java:330)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute 
> (MojoExecutor.java:213)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute 
> (MojoExecutor.java:175)
> at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 
> (MojoExecutor.java:76)
> at org.apache.maven.lifecycle.internal.MojoExecutor$1.run 
> (MojoExecutor.java:163)
> at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute 
> (DefaultMojosExecutionStrategy.java:39)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute 
> (MojoExecutor.java:160)
> at 
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject 
> (LifecycleModuleBuilder.java:105)
> at 
> org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject 
> (LifecycleModuleBuilder.java:73)
> at 
> org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
>  (SingleThreadedBuilder.java:53)
> at org.apache.maven.lifecycle.internal.LifecycleStarter.execute 
> (LifecycleStarter.java:118)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
> at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
> at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827)
> at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272)
> at org.apache.maven.cli.MavenCli.main (MavenCli.java:195)
> at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke 
> (NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke 
> (DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke (M

[jira] [Updated] (MSHARED-1272) commons-io to 2.13.0

2024-05-08 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MSHARED-1272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski updated MSHARED-1272:
-
Fix Version/s: maven-dependency-analyzer-1.13.3
   (was: maven-dependency-analyzer-next-release)

> commons-io to 2.13.0
> 
>
> Key: MSHARED-1272
> URL: https://issues.apache.org/jira/browse/MSHARED-1272
> Project: Maven Shared Components
>  Issue Type: Dependency upgrade
>  Components: maven-dependency-analyzer
>Reporter: Elliotte Rusty Harold
>Assignee: Elliotte Rusty Harold
>Priority: Minor
> Fix For: maven-dependency-analyzer-1.13.3
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)


[jira] [Updated] (MSHARED-1356) Upgrade Parent to 41

2024-05-08 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MSHARED-1356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski updated MSHARED-1356:
-
Fix Version/s: maven-dependency-analyzer-1.13.3
   (was: maven-dependency-analyzer-next-release)

> Upgrade Parent to 41
> 
>
> Key: MSHARED-1356
> URL: https://issues.apache.org/jira/browse/MSHARED-1356
> Project: Maven Shared Components
>  Issue Type: Dependency upgrade
>  Components: maven-dependency-analyzer
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: maven-dependency-analyzer-1.13.3
>
>






[jira] [Updated] (MSHARED-1347) maven-dependency-plugin ignores class of object passed as a parameter to method references

2024-05-08 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MSHARED-1347?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski updated MSHARED-1347:
-
Fix Version/s: maven-dependency-analyzer-1.13.3
   (was: maven-dependency-analyzer-next-release)

> maven-dependency-plugin ignores class of object passed as a parameter to 
> method references
> --
>
> Key: MSHARED-1347
> URL: https://issues.apache.org/jira/browse/MSHARED-1347
> Project: Maven Shared Components
>  Issue Type: Bug
>  Components: maven-dependency-analyzer
>Affects Versions: maven-dependency-analyzer-1.13.2
>Reporter: Vidar Breivik
>Assignee: Elliotte Rusty Harold
>Priority: Minor
> Fix For: maven-dependency-analyzer-1.13.3
>
>
> Text copied from [MDEP-576|https://issues.apache.org/jira/browse/MDEP-576]
> Hi there, I created a project on 
> [github|https://github.com/vdergachev/dependency-plugin-vs-java-lambda] that 
> can help you to reproduce the issue. Just clone it and make
> {code:java}
> mvn clean install{code}
> In my case plugin ignored Server class from jetty-server.jar and as a result 
> I got message
> {code:java}
> Unused declared dependencies found{code}
>  
> h4.





[jira] [Updated] (MSHARED-1272) commons-io from 2.11.0 to 2.16.0

2024-05-08 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MSHARED-1272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski updated MSHARED-1272:
-
Summary: commons-io from 2.11.0 to 2.16.0  (was: commons-io to 2.13.0)

> commons-io from 2.11.0 to 2.16.0
> 
>
> Key: MSHARED-1272
> URL: https://issues.apache.org/jira/browse/MSHARED-1272
> Project: Maven Shared Components
>  Issue Type: Dependency upgrade
>  Components: maven-dependency-analyzer
>Reporter: Elliotte Rusty Harold
>Assignee: Elliotte Rusty Harold
>Priority: Minor
> Fix For: maven-dependency-analyzer-1.13.3
>
>






[jira] [Updated] (MSHARED-1372) Upgrade ASM from 9.5 to 9.7 (Java 23)

2024-05-08 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MSHARED-1372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski updated MSHARED-1372:
-
Summary: Upgrade ASM from 9.5 to 9.7 (Java 23)  (was: Upgrade ASM to 9.7 
(Java 23))

> Upgrade ASM from 9.5 to 9.7 (Java 23)
> -
>
> Key: MSHARED-1372
> URL: https://issues.apache.org/jira/browse/MSHARED-1372
> Project: Maven Shared Components
>  Issue Type: Dependency upgrade
>Reporter: Sylwester Lachiewicz
>Assignee: Sylwester Lachiewicz
>Priority: Minor
> Fix For: maven-dependency-analyzer-1.13.3
>
>






Re: [PR] [MSHARED-1272] Bump commons-io:commons-io from 2.16.0 to 2.16.1 [maven-dependency-analyzer]

2024-05-08 Thread via GitHub


slawekjaranowski merged PR #114:
URL: https://github.com/apache/maven-dependency-analyzer/pull/114





[jira] [Updated] (MSHARED-1272) commons-io from 2.11.0 to 2.16.1

2024-05-08 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MSHARED-1272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski updated MSHARED-1272:
-
Summary: commons-io from 2.11.0 to 2.16.1  (was: commons-io from 2.11.0 to 
2.16.0)

> commons-io from 2.11.0 to 2.16.1
> 
>
> Key: MSHARED-1272
> URL: https://issues.apache.org/jira/browse/MSHARED-1272
> Project: Maven Shared Components
>  Issue Type: Dependency upgrade
>  Components: maven-dependency-analyzer
>Reporter: Elliotte Rusty Harold
>Assignee: Elliotte Rusty Harold
>Priority: Minor
> Fix For: maven-dependency-analyzer-1.13.3
>
>






[jira] [Commented] (MSHARED-1272) commons-io from 2.11.0 to 2.16.0

2024-05-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MSHARED-1272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844759#comment-17844759
 ] 

ASF GitHub Bot commented on MSHARED-1272:
-

slawekjaranowski merged PR #114:
URL: https://github.com/apache/maven-dependency-analyzer/pull/114




> commons-io from 2.11.0 to 2.16.0
> 
>
> Key: MSHARED-1272
> URL: https://issues.apache.org/jira/browse/MSHARED-1272
> Project: Maven Shared Components
>  Issue Type: Dependency upgrade
>  Components: maven-dependency-analyzer
>Reporter: Elliotte Rusty Harold
>Assignee: Elliotte Rusty Harold
>Priority: Minor
> Fix For: maven-dependency-analyzer-1.13.3
>
>






Re: [PR] [MCOMPILER-590] Bump org.apache.maven.plugins:maven-plugins from 41 to 42 [maven-compiler-plugin]

2024-05-08 Thread via GitHub


elharo merged PR #235:
URL: https://github.com/apache/maven-compiler-plugin/pull/235





[jira] [Commented] (MCOMPILER-590) Upgrade Parent to 42

2024-05-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MCOMPILER-590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844763#comment-17844763
 ] 

ASF GitHub Bot commented on MCOMPILER-590:
--

elharo merged PR #235:
URL: https://github.com/apache/maven-compiler-plugin/pull/235




> Upgrade Parent to 42
> 
>
> Key: MCOMPILER-590
> URL: https://issues.apache.org/jira/browse/MCOMPILER-590
> Project: Maven Compiler Plugin
>  Issue Type: Dependency upgrade
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: next-release
>
>






[PR] Update GitHub Actions by dependabot [maven-dependency-analyzer]

2024-05-08 Thread via GitHub


slawekjaranowski opened a new pull request, #116:
URL: https://github.com/apache/maven-dependency-analyzer/pull/116

   (no comment)





[jira] [Updated] (MSHARED-1356) Upgrade Parent to 42

2024-05-08 Thread Slawomir Jaranowski (Jira)


 [ 
https://issues.apache.org/jira/browse/MSHARED-1356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Slawomir Jaranowski updated MSHARED-1356:
-
Summary: Upgrade Parent to 42  (was: Upgrade Parent to 41)

> Upgrade Parent to 42
> 
>
> Key: MSHARED-1356
> URL: https://issues.apache.org/jira/browse/MSHARED-1356
> Project: Maven Shared Components
>  Issue Type: Dependency upgrade
>  Components: maven-dependency-analyzer
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: maven-dependency-analyzer-1.13.3
>
>






Re: [PR] [MSHARED-1356] Bump org.apache.maven.shared:maven-shared-components from 41 to 42 [maven-dependency-analyzer]

2024-05-08 Thread via GitHub


slawekjaranowski merged PR #115:
URL: https://github.com/apache/maven-dependency-analyzer/pull/115





[PR] Bump com.google.guava:guava from 30.1.1-android to 32.0.0-android in /src/it/jarWithCompileDependency/project2 [maven-dependency-analyzer]

2024-05-08 Thread via GitHub


dependabot[bot] opened a new pull request, #117:
URL: https://github.com/apache/maven-dependency-analyzer/pull/117

   Bumps [com.google.guava:guava](https://github.com/google/guava) from 
30.1.1-android to 32.0.0-android.
   
   Release notes
   Sourced from [com.google.guava:guava's releases](https://github.com/google/guava/releases).
   
   32.0.0
   Maven
   
   com.google.guava
   guava
   32.0.0-jre
   
   32.0.0-android
   
   
   Jar files
   
   - [32.0.0-jre.jar](https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-jre/guava-32.0.0-jre.jar)
   - [32.0.0-android.jar](https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-android/guava-32.0.0-android.jar)
   
   Guava requires [one runtime dependency](https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies), which you can download here:
   
   - [failureaccess-1.0.1.jar](https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar)
   
   Javadoc
   
   - [32.0.0-jre](http://guava.dev/releases/32.0.0-jre/api/docs/)
   - [32.0.0-android](http://guava.dev/releases/32.0.0-android/api/docs/)
   
   JDiff
   
   - [32.0.0-jre vs. 31.1-jre](http://guava.dev/releases/32.0.0-jre/api/diffs/)
   - [32.0.0-android vs. 31.1-android](http://guava.dev/releases/32.0.0-android/api/diffs/)
   - [32.0.0-android vs. 32.0.0-jre](http://guava.dev/releases/32.0.0-android/api/androiddiffs/)
   
   Changelog
   Security fixes
   
   - Reimplemented `Files.createTempDir` and `FileBackedOutputStream` to further address CVE-2020-8908 ([#4011](https://redirect.github.com/google/guava/issues/4011)) and CVE-2023-2976 ([#2575](https://redirect.github.com/google/guava/issues/2575)). (feb83a1c8f)
   
   While CVE-2020-8908 was officially closed when we deprecated 
`Files.createTempDir` in [Guava 30.0](https://github.com/google/guava/releases/tag/v30.0), we've 
heard from users that even recent versions of Guava have been listed as 
vulnerable in other databases of security vulnerabilities. In 
response, we've reimplemented the method (and the very rarely used 
`FileBackedOutputStream` class, which had a similar issue) to 
eliminate the insecure behavior entirely. This change could technically affect 
users in a number of different ways (discussed under "Incompatible 
changes" below), but in practice, the only problem users are likely to 
encounter is with Windows. If you are using those APIs under Windows, you 
should skip 32.0.0 and go straight to [32.0.1](https://github.com/google/guava/releases/tag/v32.0.1) which 
fixes the problem. (Unfortunately, we didn't think of the Windows problem until 
after the release. And while we [warn](https://github.com/google/guava#important-warnings) that 
`common.io` in particular may not work under Windows, we didn't 
intend to regress support.) Sorry for the trouble.
   Incompatible changes
   Although this release bumps Guava's major version number, it makes 
no binary-incompatible changes to the `guava` 
artifact.
   One change could cause issues for Windows users, and a few other changes 
could cause issues for users in more usual situations:
   
   - The new implementations of `Files.createTempDir` and 
`FileBackedOutputStream` [throw an exception](https://redirect.github.com/google/guava/issues/6535) 
under Windows. This is fixed in [32.0.1](https://github.com/google/guava/releases/tag/v32.0.1). Sorry 
for the trouble.
   - `guava-gwt` now [requires GWT](https://redirect.github.com/google/guava/issues/6627) [2.10.0](https://github.com/gwtproject/gwt/releases/tag/2.10.0).
   - This release makes a binary-incompatible change to a `@Beta` 
API in the separate artifact `guava-testlib`. 
Specifically, we changed the return type of 
`TestingExecutors.sameThreadScheduledExecutor` to 
`ListeningScheduledExecutorService`. The old return type was a 
package-private class, which caused the Kotlin compiler to produce warnings. 
(dafaa3e435)
   
   
   
   ... (truncated)
   
   
   Commits
   
   - See full diff in [compare view](https://github.com/google/guava/commits)
   
   
   
   
   

[jira] [Commented] (MSHARED-1356) Upgrade Parent to 42

2024-05-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MSHARED-1356?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844770#comment-17844770
 ] 

ASF GitHub Bot commented on MSHARED-1356:
-

slawekjaranowski merged PR #115:
URL: https://github.com/apache/maven-dependency-analyzer/pull/115




> Upgrade Parent to 42
> 
>
> Key: MSHARED-1356
> URL: https://issues.apache.org/jira/browse/MSHARED-1356
> Project: Maven Shared Components
>  Issue Type: Dependency upgrade
>  Components: maven-dependency-analyzer
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: maven-dependency-analyzer-1.13.3
>
>






Re: [PR] Update GitHub Actions by dependabot [maven-dependency-analyzer]

2024-05-08 Thread via GitHub


slawekjaranowski merged PR #116:
URL: https://github.com/apache/maven-dependency-analyzer/pull/116





Re: [PR] Adds tip that Nexus Repository can be used for a remote cache provider. [maven-build-cache-extension]

2024-05-08 Thread via GitHub


olamy merged PR #151:
URL: https://github.com/apache/maven-build-cache-extension/pull/151





Re: [PR] [MBUILDCACHE-86] bugfix / enhancements restoration of outputs on disk [maven-build-cache-extension]

2024-05-08 Thread via GitHub


kbuntrock commented on PR #104:
URL: 
https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2101600438

   > I'm really looking forward to testing this out, is there a new release 
planned or a place where I can track it?
   
   Yes, Olivier mentioned on the maven dev list that he is planning to create a 
release probably this week. 
(https://lists.apache.org/list.html?d...@maven.apache.org)





[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk

2024-05-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844794#comment-17844794
 ] 

ASF GitHub Bot commented on MBUILDCACHE-86:
---

kbuntrock commented on PR #104:
URL: 
https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2101600438

   > I'm really looking forward to testing this out, is there a new release 
planned or a place where I can track it?
   
   Yes, Olivier mentioned on the maven dev list that he is planning to create a 
release probably this week. 
(https://lists.apache.org/list.html?d...@maven.apache.org)




> Bugfix and enhancements with the restoration of outputs on disk
> ---
>
> Key: MBUILDCACHE-86
> URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86
> Project: Maven Build Cache Extension
>  Issue Type: Improvement
>Reporter: Kevin Buntrock
>Assignee: Olivier Lamy
>Priority: Major
>  Labels: pull-request-available
> Fix For: 1.2.0
>
>
> *Fixes :*
>  * Files containing an underscore in their name can't be restored in the 
> cache directory correctly (not in the same directory location).
>  * The cache is able to extract/restore files in locations outside the 
> project. I guess the extraction part is not a vulnerability since someone 
> with commit permissions can guess other ways to extract data. But the 
> possibility of restoring at any place on the disk looks pretty dangerous to 
> me if a remote cache server is compromised.
> *Enhancements :*
>  * Possibility to restore artefacts on disk, with a dedicated property : 
> maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the 
> project directory, as opposed to the cache directory.
>  ** IDE integration and use of the cache locally in development is way 
> easier. It is now possible to retrieve a cached jar in the "target" directory.
>  * Introduce "globs" to filter extra attached outputs by filenames.





[PR] Bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M8 to 4.0.0-M14 [maven-site]

2024-05-08 Thread via GitHub


dependabot[bot] opened a new pull request, #523:
URL: https://github.com/apache/maven-site/pull/523

   Bumps 
[org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin)
 from 4.0.0-M8 to 4.0.0-M14.
   
   Commits
   
   - [67624ff](https://github.com/apache/maven-site-plugin/commit/67624ffb51130541febf488cec401df9e841504a) [maven-release-plugin] prepare release maven-site-plugin-4.0.0-M14
   - [b3a063b](https://github.com/apache/maven-site-plugin/commit/b3a063b17f2a2a15b02b179b84103e0bf6330c87) [MSITE-1006] MSITE-723 causes duplicate document rendering and log output
   - [86c6d37](https://github.com/apache/maven-site-plugin/commit/86c6d37f7a65b57a70c4faf67b7da015e17462fb) Fix broken commit 1bbad2d356a4ede8ebbe3a523533b660d66d9b58
   - [1bbad2d](https://github.com/apache/maven-site-plugin/commit/1bbad2d356a4ede8ebbe3a523533b660d66d9b58) [MSITE-1003] Upgrade plugins and components (in ITs)
   - [036997f](https://github.com/apache/maven-site-plugin/commit/036997f9a70b7394d9a9771ede04a686aca834e1) Simplify IT for MSITE-723
   - [04dfdb8](https://github.com/apache/maven-site-plugin/commit/04dfdb8fa46e3f1448c7751e814fd094b2056490) [MSITE-1005] Bump org.codehaus.plexus:plexus-archiver from 4.9.0 to 4.9.2 ([#175](https://redirect.github.com/apache/maven-site-plugin/issues/175))
   - [ec3dcb3](https://github.com/apache/maven-site-plugin/commit/ec3dcb375dfc3757b3e732677713cd041a31fc68) [MSITE-1004] Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 ([#178](https://redirect.github.com/apache/maven-site-plugin/issues/178))
   - [1e26932](https://github.com/apache/maven-site-plugin/commit/1e269327909ff50ed49f7806bcf943dae539c508) remove obsolete link to template file ([#176](https://redirect.github.com/apache/maven-site-plugin/issues/176))
   - [d78b8da](https://github.com/apache/maven-site-plugin/commit/d78b8da70fd186738707f14166812d721064b766) Expand and update CI for Maven 3.2.5 and newer
   - [32c6b6a](https://github.com/apache/maven-site-plugin/commit/32c6b6a5b6ef348d3f8c731596022306d6611bd8) [maven-release-plugin] prepare for next development iteration
   - Additional commits viewable in [compare view](https://github.com/apache/maven-site-plugin/compare/maven-site-plugin-4.0.0-M8...maven-site-plugin-4.0.0-M14)
   
   
   
   
   



[PR] remove wrong tag in pom and use last maven 3 version for ITs [maven-build-cache-extension]

2024-05-08 Thread via GitHub


olamy opened a new pull request, #152:
URL: https://github.com/apache/maven-build-cache-extension/pull/152

   Signed-off-by: Olivier Lamy 
   



Re: [PR] remove wrong tag in pom and use last maven 3 version for ITs [maven-build-cache-extension]

2024-05-08 Thread via GitHub


olamy merged PR #152:
URL: https://github.com/apache/maven-build-cache-extension/pull/152





Re: [PR] [MBUILDCACHE-86] bugfix / enhancements restoration of outputs on disk [maven-build-cache-extension]

2024-05-08 Thread via GitHub


olamy commented on PR #104:
URL: 
https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2101725049

   vote started https://lists.apache.org/thread/do2dc2tpmq2zknyqnf55xpvllop94bq5
   
   if no issues this should be available early next week





[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk

2024-05-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17844824#comment-17844824
 ] 

ASF GitHub Bot commented on MBUILDCACHE-86:
---

olamy commented on PR #104:
URL: 
https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2101725049

   vote started https://lists.apache.org/thread/do2dc2tpmq2zknyqnf55xpvllop94bq5
   
   if no issues this should be available early next week




> Bugfix and enhancements with the restoration of outputs on disk
> ---
>
> Key: MBUILDCACHE-86
> URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86
> Project: Maven Build Cache Extension
>  Issue Type: Improvement
>Reporter: Kevin Buntrock
>Assignee: Olivier Lamy
>Priority: Major
>  Labels: pull-request-available
> Fix For: 1.2.0
>
>
> *Fixes :*
>  * Files containing an underscore in their name can't be restored in the 
> cache directory correctly (not in the same directory location).
>  * The cache is able to extract/restore files in locations outside the 
> project. I guess the extraction part is not a vulnerability since someone 
> with commit permissions can guess other ways to extract data. But the 
> possibility of restoring at any place on the disk looks pretty dangerous to 
> me if a remote cache server is compromised.
> *Enhancements :*
>  * Possibility to restore artefacts on disk, with a dedicated property : 
> maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the 
> project directory, as opposed to the cache directory.
>  ** IDE integration and use of the cache locally in development is way 
> easier. It is now possible to retrieve a cached jar in the "target" directory.
>  * Introduce "globs" to filter extra attached outputs by filenames.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
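
The restore-location concern in the MBUILDCACHE-86 description above (cached files restored outside the project when a remote cache server is compromised) comes down to validating every path recorded in a cache entry before anything is written. The following is an added Java example of such a check, not code from maven-build-cache-extension; the class `RestorePathCheck`, the method `resolveInsideProject` and all sample paths are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;

// Added illustration, not maven-build-cache-extension code. Class, method and
// sample paths are hypothetical.
public class RestorePathCheck {

    /** Returns the absolute restore target, or throws if it would leave projectDir. */
    static Path resolveInsideProject(Path projectDir, String recordedPath) throws IOException {
        Path base = projectDir.toRealPath(); // canonical project root, links resolved
        Path recorded;
        try {
            recorded = Paths.get(recordedPath);
        } catch (InvalidPathException e) {
            throw new IOException("unparseable path in cache entry: " + recordedPath, e);
        }
        // Rejects "/x" on Unix and both "C:\x" and drive-relative "C:x" on Windows.
        if (recorded.isAbsolute() || recorded.getRoot() != null) {
            throw new IOException("rooted path in cache entry: " + recordedPath);
        }
        // Collapse "." and ".." lexically. Path.startsWith compares whole name
        // elements, so a sibling directory such as "<project>-evil" does not pass
        // the way it would with a String prefix comparison.
        Path target = base.resolve(recorded).normalize();
        if (target.equals(base) || !target.startsWith(base)) {
            throw new IOException("path escapes project directory: " + recordedPath);
        }
        // A directory inside the project can itself be a link pointing elsewhere.
        // Find the deepest ancestor that exists (without following links) and
        // check where it really is. A dangling link makes toRealPath() throw,
        // which also rejects the entry.
        Path existing = target;
        while (existing != null && !Files.exists(existing, LinkOption.NOFOLLOW_LINKS)) {
            existing = existing.getParent();
        }
        if (existing == null || !existing.toRealPath().startsWith(base)) {
            throw new IOException("path leaves project directory through a link: " + recordedPath);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: a project directory and an unrelated directory.
        Path project = Files.createTempDirectory("project");
        Path outside = Files.createTempDirectory("outside");
        Files.createDirectories(project.resolve("target"));
        try {
            // project/linked -> outside (symlinks may be unavailable on some platforms)
            Files.createSymbolicLink(project.resolve("linked"), outside);
        } catch (IOException | UnsupportedOperationException e) {
            System.out.println("symlink case skipped: " + e);
        }

        // Constructed cache-entry paths, as a cache server might return them.
        List<String> recordedPaths = Arrays.asList(
                "target/app-1.0.jar",
                "target/./classes/A.class",
                "target/../../outside.txt",
                "../" + project.getFileName() + "-evil/x.txt",
                outside.resolve("x.txt").toString(),
                "linked/x.txt");

        for (String p : recordedPaths) {
            try {
                System.out.println("restore  " + p + " -> " + resolveInsideProject(project, p));
            } catch (IOException e) {
                System.out.println("rejected " + p + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check and the later write are separate steps, so the result only holds if nothing else modifies the project directory in between.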


[PR] Bump testcontainersVersion from 1.19.7 to 1.19.8 [maven-resolver]

2024-05-08 Thread via GitHub


dependabot[bot] opened a new pull request, #491:
URL: https://github.com/apache/maven-resolver/pull/491

   Bumps `testcontainersVersion` from 1.19.7 to 1.19.8.
   Updates `org.testcontainers:testcontainers` from 1.19.7 to 1.19.8
   
   Release notes
   Sourced from org.testcontainers:testcontainers's releases
   (https://github.com/testcontainers/testcontainers-java/releases).

   1.19.8
   Testcontainers for Java 1.19.8

   🚀 Features & Enhancements

   * support backtick enquoting in SQL script splitter
     #8593: https://redirect.github.com/testcontainers/testcontainers-java/issues/8593
     @peterhalicky: https://github.com/peterhalicky
   * [localstack] Automatically add LAMBDA_DOCKER_FLAGS with testcontainers labels
     #8595: https://redirect.github.com/testcontainers/testcontainers-java/issues/8595
     @dfangl: https://github.com/dfangl
   * [qdrant] Allow to set key and config file
     #8556: https://redirect.github.com/testcontainers/testcontainers-java/issues/8556
     @eddumelendez: https://github.com/eddumelendez
   * [weaviate] Support new project container registry
     #8512: https://redirect.github.com/testcontainers/testcontainers-java/issues/8512
     @ThomasVitale: https://github.com/ThomasVitale
   * [kafka] Add support for apache/kafka
     #8416: https://redirect.github.com/testcontainers/testcontainers-java/issues/8416
     @eddumelendez: https://github.com/eddumelendez
   * [kafka] Skip starting zookeeper when using a Kafka container with the provided Zookeeper
     #8433: https://redirect.github.com/testcontainers/testcontainers-java/issues/8433
     @silh: https://github.com/silh
   * Use Awaitility to Poll the Image Pull
     #8453: https://redirect.github.com/testcontainers/testcontainers-java/issues/8453
     @JKomoroski: https://github.com/JKomoroski
   * Avoid usage of the non monotonic clock System.currentTimeMillis() in favor of System.nanoTime()
     #6392: https://redirect.github.com/testcontainers/testcontainers-java/issues/6392
     @Nateckert: https://github.com/Nateckert
   * Fix DateTimeParseException when created is not set in image config
     #8302: https://redirect.github.com/testcontainers/testcontainers-java/issues/8302
     @SgtSilvio: https://github.com/SgtSilvio
   * [redpanda] Override entrypoint
     #8450: https://redirect.github.com/testcontainers/testcontainers-java/issues/8450
     @eddumelendez: https://github.com/eddumelendez
   * [weaviate] Add method for getting gRPC port
     #8431: https://redirect.github.com/testcontainers/testcontainers-java/issues/8431
     @antas-marcin: https://github.com/antas-marcin
   * [clickhouse] Add getDatabaseName() method
     #8339: https://redirect.github.com/testcontainers/testcontainers-java/issues/8339
     @colin-lee: https://github.com/colin-lee

   🐛 Bug Fixes

   * Pass env to ComposeDelegate in DockerComposeContainer#stop
     #8493: https://redirect.github.com/testcontainers/testcontainers-java/issues/8493
     @mmusenbr: https://github.com/mmusenbr

   📖 Documentation
   🧹 Housekeeping

   * Add Weaviate module tests with modules
     #8481: https://redirect.github.com/testcontainers/testcontainers-java/issues/8481
     @antas-marcin: https://github.com/antas-marcin
   * Update alpine image version to 3.17
     #8476: https://redirect.github.com/testcontainers/testcontainers-java/issues/8476
     @eddumelendez: https://github.com/eddumelendez
   * fix getConnectionString javadoc
     #8129: https://redirect.github.com/testcontainers/testcontainers-java/issues/8129
     @gabrielluciano: https://github.com/gabrielluciano

   📦 Dependency updates

   * Move to gradle/actions/wrapper-validation
     #8559: https://redirect.github.com/testcontainers/testcontainers-java/issues/8559
     @eddumelendez: https://github.com/eddumelendez
   * upgrade to github actions setup-java v4
     #8475: https://redirect.github.com/testcontainers/testcontainers-java/issues/8475
     @sullis: https://github.com/sullis
   * Update ryuk version to 0.7.0
     #8451: https://redirect.github.com/testcontainers/testcontainers-java/issues/8451
     @eddumelendez: https://github.com/eddumelendez
   * chore: use new sshd:1.2.0 image
     #8574: https://redirect.github.com/testcontainers/testcontainers-java/issues/8574
     @mdelapenya: https://github.com/mdelapenya

   Commits

   * 9b780dd: Add support for backtick enquoting in SQL script splitter
     https://github.com/testcontainers/testcontainers-java/commit/9b780dd8f27b7665f34c54ae738c41eccf73ad44
     #8593: https://redirect.github.com/testcontainers/testcontainers-java/issues/8593
   * 8b9eb0c: Fix Ollama code snippet
     https://github.com/testcontainers/testcontainers-java/commit/8b9eb0cdd8c7b7d6b04ef68c21b89e771441a758
   * 2195610: Add LAMBDA_DOCKER_FLAGS with testcontainers labels
     https://github.com/testcontainers/testcontainers-java/commit/2195610f0d2a0864d1f9bd79bedf2c66e8386393
     #8595: https://redirect.github.com/testcontainers/testcontainers-java/issues/8595
   https://github.com/testcontainers/testcontainers-java/commit/994b385761dde7d832ab7b6c10